Add results priority (AST-105849) (#1227)

* Add Containers Realtime Scanner

* Add results priority feature

Author: cx-sarah-chen

package.json

@@ -954,6 +954,58 @@
             ]
           }
         }
+      },
+      {
+        "title": "Activate ASCA Realtime",
+        "id": "asca-realtime-scanner",
+        "order": 2,
+        "properties": {
+          "Checkmarx AI Secure Coding Assistant (ASCA) Realtime Scanner.Activate ASCA Realtime": {
+            "type": "boolean",
+            "order": 3,
+            "default": false,
+            "markdownDescription": "Scans your code files for security best practices as you code"
+          }
+        }
+      },
+      {
+        "title": "Activate OSS-Realtime",
+        "id": "realtime-scanner",
+        "order": 2,
+        "properties": {
+          "Checkmarx Open Source Realtime Scanner (OSS-Realtime).Activate OSS-Realtime": {
+            "type": "boolean",
+            "order": 3,
+            "default": false,
+            "markdownDescription": "Scans your manifest files as you code"
+          }
+        }
+      },
+      {
+        "title": "Activate Secret Detection Realtime",
+        "id": "secret-scanner",
+        "order": 2,
+        "properties": {
+          "Checkmarx Secret Detection Realtime Scanner.Activate Secret Detection Realtime": {
+            "type": "boolean",
+            "order": 3,
+            "default": false,
+            "markdownDescription": "Scans your files for potential secrets and credentials as you code"
+          }
+        }
+      },
+      {
+        "title": "Activate Containers Realtime",
+        "id": "containers-realtime-scanner",
+        "order": 2,
+        "properties": {
+          "Checkmarx Containers Realtime Scanner.Activate Containers Realtime": {
+            "type": "boolean",
+            "order": 3,
+            "default": false,
+            "markdownDescription": "Scans your Docker files and container configurations for vulnerabilities as you code"
+          }
+        }
       }
     ]
   },

src/realtimeScanners/common/baseScannerService.ts

@@ -3,18 +3,33 @@ import * as fs from "fs";
 import * as path from "path";
 import * as os from "os";
 import { Logs } from "../../models/logs";
-import { IScannerService, IScannerConfig } from "./types";
+import { IScannerService, IScannerConfig, AscaHoverData, SecretsHoverData } from "./types";
 import { createHash } from "crypto";
 
 export abstract class BaseScannerService implements IScannerService {
   public config: IScannerConfig;
   diagnosticCollection: vscode.DiagnosticCollection;
 
+  private static diagnosticCollections = new Map<string, vscode.DiagnosticCollection>();
+  private static hoverDataMaps = new Map<string, Map<string, SecretsHoverData | AscaHoverData>>();
+
   constructor(config: IScannerConfig) {
     this.config = config;
     this.diagnosticCollection = vscode.languages.createDiagnosticCollection(
       config.engineName
     );
+
+    BaseScannerService.diagnosticCollections.set(config.engineName, this.diagnosticCollection);
+  }
+
+  protected getOtherScannerCollection(engineName: string): vscode.DiagnosticCollection | undefined {
+    return BaseScannerService.diagnosticCollections.get(engineName);
+  }
+  protected registerHoverDataMap(hoverDataMap: Map<string, SecretsHoverData | AscaHoverData>): void {
+    BaseScannerService.hoverDataMaps.set(this.config.engineName, hoverDataMap);
+  }
+  protected getOtherScannerHoverData(engineName: string): Map<string, SecretsHoverData | AscaHoverData> | undefined {
+    return BaseScannerService.hoverDataMaps.get(engineName);
   }
 
   abstract scan(document: vscode.TextDocument, logs: Logs): Promise<void>;
@@ -70,7 +85,7 @@ export abstract class BaseScannerService implements IScannerService {
 
   protected generateFileHash(input: string): string {
     return createHash("sha256")
-      .update(input )
+      .update(input)
       .digest("hex")
       .substring(0, 16);
   }

src/realtimeScanners/scanners/asca/ascaScannerService.ts

@@ -56,6 +56,8 @@ export class AscaScannerService extends BaseScannerService {
 			errorMessage: constants.errorAscaScanRealtime
 		};
 		super(config);
+
+		this.registerHoverDataMap(this.ascaHoverData);
 	}
 
 	shouldScanFile(document: vscode.TextDocument): boolean {
@@ -120,6 +122,21 @@ export class AscaScannerService extends BaseScannerService {
 		}
 	}
 
+	private hasSecretsAtLine(uri: vscode.Uri, lineNumber: number): boolean {
+		const secretsCollection = this.getOtherScannerCollection(constants.secretsScannerEngineName);
+		if (secretsCollection) {
+			const secretsDiagnostics = vscode.languages.getDiagnostics(uri).filter(diagnostic => {
+				const diagnosticData = (diagnostic as vscode.Diagnostic & { data?: CxDiagnosticData }).data;
+				return diagnosticData?.cxType === constants.secretsScannerEngineName;
+			});
+
+			if (secretsDiagnostics.some(diagnostic => diagnostic.range.start.line === lineNumber)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	updateProblems<T = unknown>(problems: T, uri: vscode.Uri): void {
 		const scanResults = problems as unknown as CxAsca;
 		const filePath = uri.fsPath;
@@ -133,6 +150,10 @@ export class AscaScannerService extends BaseScannerService {
 		const lowDecorations: vscode.DecorationOptions[] = [];
 
 		for (const result of scanResults.scanDetails) {
+			if (this.hasSecretsAtLine(uri, result.line - 1)) {
+				continue;
+			}
+
 			const problemText = result.problematicLine;
 			const startIndex = problemText.length - problemText.trimStart().length;
 

src/realtimeScanners/scanners/secrets/secretsScannerService.ts

@@ -2,7 +2,7 @@
 import * as vscode from "vscode";
 import { Logs } from "../../../models/logs";
 import { BaseScannerService } from "../../common/baseScannerService";
-import { IScannerConfig, CxDiagnosticData } from "../../common/types";
+import { IScannerConfig, CxDiagnosticData, SecretsHoverData } from "../../common/types";
 import { constants } from "../../../utils/common/constants";
 import { IgnoreFileManager } from "../../common/ignoreFileManager";
 import { minimatch } from "minimatch";
@@ -21,7 +21,7 @@ export class SecretsScannerService extends BaseScannerService {
 
 	private documentOpenListener: vscode.Disposable | undefined;
 	private editorChangeListener: vscode.Disposable | undefined;
-	public secretsHoverData: Map<string, any> = new Map();
+	public secretsHoverData: Map<string, SecretsHoverData> = new Map();
 
 	private createDecoration(iconName: string, size: string = "auto"): vscode.TextEditorDecorationType {
 		return vscode.window.createTextEditorDecorationType({
@@ -50,6 +50,8 @@ export class SecretsScannerService extends BaseScannerService {
 			errorMessage: constants.errorSecretsScanRealtime,
 		};
 		super(config);
+
+		this.registerHoverDataMap(this.secretsHoverData);
 	}
 
 	shouldScanFile(document: vscode.TextDocument): boolean {
@@ -138,6 +140,29 @@ export class SecretsScannerService extends BaseScannerService {
 		}
 	}
 
+	private removeAscaDiagnosticsAtLine(uri: vscode.Uri, lineNumber: number): void {
+		const ascaCollection = this.getOtherScannerCollection(constants.ascaRealtimeScannerEngineName);
+		if (!ascaCollection) { return; }
+
+		const ascaDiagnostics = vscode.languages.getDiagnostics(uri).filter(diagnostic => {
+			const diagnosticData = (diagnostic as vscode.Diagnostic & { data?: CxDiagnosticData }).data;
+			return diagnosticData?.cxType === 'asca';
+		});
+
+		const filteredDiagnostics = ascaDiagnostics.filter(diagnostic =>
+			diagnostic.range.start.line !== lineNumber
+		);
+		ascaCollection.set(uri, filteredDiagnostics);
+	}
+
+	private removeAscaHoverDataAtLine(filePath: string, lineNumber: number): void {
+		const ascaHoverData = this.getOtherScannerHoverData(constants.ascaRealtimeScannerEngineName);
+		if (!ascaHoverData) { return; } 
+
+		const key = `${filePath}:${lineNumber}`;
+		ascaHoverData.delete(key);
+	}
+
 	updateProblems<T = unknown>(problems: T, uri: vscode.Uri): void {
 		const secretsProblems = problems as CxSecretsResult[];
 		const filePath = uri.fsPath;
@@ -149,6 +174,10 @@ export class SecretsScannerService extends BaseScannerService {
 		for (const problem of secretsProblems) {
 			if (problem.locations.length === 0) { continue; }
 			const location = problem.locations[0];
+
+			this.removeAscaDiagnosticsAtLine(uri, location.line);
+			this.removeAscaHoverDataAtLine(filePath, location.line);
+
 			const range = new vscode.Range(
 				new vscode.Position(location.line, location.startIndex),
 				new vscode.Position(location.line, location.endIndex)

src/utils/common/constants.ts

@@ -157,7 +157,7 @@ export const constants = {
   ascaRealtimeScanner: "Checkmarx AI Secure Coding Assistant (ASCA) Realtime Scanner",
   ascaRealtimeScannerStart: "ASCA Realtime Scanner Engine started",
   ascaRealtimeScannerDisabled: "ASCA Realtime Scanner Engine disabled",
-  ascaRealtimeScannerEngineName: "AscaRealtimeScanner",
+  ascaRealtimeScannerEngineName: "Asca",
   ascaRealtimeScannerDirectory: "Cx-asca-realtime-scanner",
   errorAscaInstallation: "Failed to run ASCA engine",
   errorAscaScanRealtime: "Failed to handle ASCA Realtime scan",